
SMS Fuzzing – SIM Toolkit Attack

Bogdan Alecu

SMS is a unique mobile attack vector as it is an always-on service. Regardless of whether or not you’re using another application, an SMS can be received by the phone. As SMS is enabled by default on all phones, it provides many interesting possibilities.

Tools Used

PDUSpy

Used to decode the binary message

Nokia 3300

Used for capturing

F-BUS cable

dct3tap

Wireshark

GSMTAP and SIMCARD patches

Gemalto GemPC SIM Card reader

SIM Application Toolkit

Provides value-added services for the mobile operators.

Basically a set of commands written on the SIM card which helps the card to communicate with the mobile device.

We are particularly interested in the following data on the SIM Card

Data download via SMS Point to Point

When this service is enabled, it instructs the mobile device to respond to short messages with varying protocol identifiers. This allows an attacker to send a message that goes straight to the SIM and is not shown to the user (the screen may light up on some phones).

By setting the second byte it is possible to trigger a delivery report. Setting the acknowledgement receipt via DELIVERY REPORT can result in any further messages being queued up until after the initial message expires (time out dependent on provider).

The person receiving the call is charged for the Acknowledgement at the standard rate of the provider. This is involuntary as the person receiving the message receives no warning.
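
A minimal decoder for the SMS-DELIVER header fields discussed above, as an added example that is not from the talk or the original post. It flags messages whose TP-PID is SIM Data Download (0x7F) combined with a class 2 data coding scheme, the combination a handset hands to the SIM; the sample PDUs, phone numbers and function names are constructed for illustration.

```python
from dataclasses import dataclass

PID_SIM_DATA_DOWNLOAD = 0x7F  # TP-PID "(U)SIM Data download" in 3GPP TS 23.040

@dataclass
class DeliverHeader:
    sender: str
    pid: int   # TP-PID, protocol identifier
    dcs: int   # TP-DCS, data coding scheme
    udl: int   # TP-UDL, user data length

def _bcd(octets: bytes) -> str:
    # Semi-octet encoding: low nibble is the first digit, 0xF pads odd lengths
    return "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in octets).rstrip("F")

def parse_sms_deliver(pdu_hex: str) -> DeliverHeader:
    raw = bytes.fromhex(pdu_hex)
    pos = 1 + raw[0]                     # skip the length-prefixed SMSC address
    if raw[pos] & 0x03 != 0:
        raise ValueError("not an SMS-DELIVER (TP-MTI != 00)")
    oa_octets = (raw[pos + 1] + 1) // 2  # TP-OA length is counted in digits
    sender = _bcd(raw[pos + 3 : pos + 3 + oa_octets])
    pos += 3 + oa_octets                 # now at TP-PID
    if len(raw) < pos + 10:              # PID + DCS + 7-octet timestamp + UDL
        raise ValueError("truncated PDU")
    return DeliverHeader(sender, raw[pos], raw[pos + 1], raw[pos + 9])

def message_class(dcs: int):
    # Class bits are valid in group 1111, or in groups 00xx/01xx when bit 4 is set
    if (dcs & 0xF0) == 0xF0 or ((dcs & 0x80) == 0 and (dcs & 0x10)):
        return dcs & 0x03
    return None

def is_sim_data_download(h: DeliverHeader) -> bool:
    # PID 0x7F with a class 2 (SIM-specific) DCS is passed to the SIM
    return h.pid == PID_SIM_DATA_DOWNLOAD and message_class(h.dcs) == 2

# Constructed sample PDUs (not captured traffic); numbers and payloads are made up
_HDR = "07912143658709F1" "04" "0B91" "1032547698F0"
_SCTS = "01101021436500"
ORDINARY = _HDR + "00" "00" + _SCTS + "02" "C834"
SIM_BOUND = _HDR + "7F" "F6" + _SCTS + "04" "00000000"

if __name__ == "__main__":
    for name, pdu in (("ordinary", ORDINARY), ("sim-bound", SIM_BOUND)):
        h = parse_sms_deliver(pdu)
        print(name, h.sender, f"PID={h.pid:#04x} DCS={h.dcs:#04x}", is_sim_data_download(h))
```

Run over PDUs logged from a modem or a capture, this separates ordinary messages from those addressed to the SIM, which is the traffic a monitoring setup would want to count and alert on.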

[BruCON] The Monkey Steals the Berries
Posted by ChrisJohnRiley on September 24, 2010

The Monkey Steals the Berries (Tyler Shields)

Why would an attacker target a phone

PCs are becoming smaller and smaller as more data is moved to the mobile platform. Mobile devices are also commonly less protected than desktop systems (like going back in time in some cases). Targeting a phone also allows for very targeted attacks.

The mobile arena is currently growing more than any other operating system platform. This makes it the target of the future. Once the various mobile platforms settle and the 2 or 3 major players are defined, things will become more targeted (as it was with Windows).

Mobile applications are another constant growth area giving another great chance to attack users.


Note: A large portion of the content I post on my blog comes from "live blogging" of security conferences. These posts are in note form and are written live during a talk. As such, errors and omissions are expected. I'm only human after all!